ID

VAR-201911-1655


CVE

CVE-2019-10566


TITLE

Classic buffer overflow vulnerability in multiple Snapdragon products

Trust: 0.8

sources: JVNDB: JVNDB-2019-012198

DESCRIPTION

Buffer overflow can occur in wlan module if supported rates or extended rates element length is greater than max rate set length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130. Multiple Snapdragon products contain a classic buffer overflow vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed chips are products of the American company Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. WLAN HOST in several Qualcomm products has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow.

Trust: 2.16

sources: NVD: CVE-2019-10566 // JVNDB: JVNDB-2019-012198 // CNVD: CNVD-2020-16054

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16054

AFFECTED PRODUCTS

vendor: qualcomm, model: sxr2130, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sdx20, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sm8250, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sm8150, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: sm6150, scope: eq, version: -

Trust: 2.2

vendor: qualcomm, model: nicobar, scope: -, version: -

Trust: 1.4

vendor: qualcomm, model: apq8053, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sda845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca9379, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8096au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8996au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs405, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcs605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9607, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm670, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca9377, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm710, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9650, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8017, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9206, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca6574au, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qca6174a, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: qcn7605, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: nicobar, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: sdm845, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: mdm9207c, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: msm8905, scope: eq, version: -

Trust: 1.0

vendor: qualcomm, model: apq8017, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8053, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: apq8096au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9206, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9207c, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9607, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm9650, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8905, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: msm8996au, scope: -, version: -

Trust: 0.8

vendor: qualcomm, model: mdm, scope: eq, version: 9607

Trust: 0.6

vendor: qualcomm, model: mdm, scope: eq, version: 9650

Trust: 0.6

vendor: qualcomm, model: msm 8996au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcs, scope: eq, version: 405

Trust: 0.6

vendor: qualcomm, model: mdm, scope: eq, version: 9206

Trust: 0.6

vendor: qualcomm, model: qca 6574au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qca 6174a, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qca, scope: eq, version: 9377

Trust: 0.6

vendor: qualcomm, model: qca, scope: eq, version: 9379

Trust: 0.6

vendor: qualcomm, model: apq 8096au, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: sdm, scope: eq, version: 845

Trust: 0.6

vendor: qualcomm, model: msm, scope: eq, version: 8905

Trust: 0.6

vendor: qualcomm, model: mdm 9207c, scope: -, version: -

Trust: 0.6

vendor: qualcomm, model: qcn, scope: eq, version: 7605

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8017

Trust: 0.6

vendor: qualcomm, model: apq, scope: eq, version: 8053

Trust: 0.6

vendor: qualcomm, model: sda, scope: eq, version: 605

Trust: 0.6

vendor: qualcomm, model: sdx, scope: eq, version: 670

Trust: 0.6

vendor: qualcomm, model: sdx, scope: eq, version: 710

Trust: 0.6

vendor: qualcomm, model: sdx, scope: eq, version: 845

Trust: 0.6

vendor: qualcomm, model: sm, scope: eq, version: 20

Trust: 0.6

vendor: qualcomm, model: sxr, scope: eq, version: 6150

Trust: 0.6

vendor: qualcomm, model: sxr, scope: eq, version: 8150

Trust: 0.6

vendor: qualcomm, model: sxr, scope: eq, version: 8250

Trust: 0.6

sources: CNVD: CNVD-2020-16054 // JVNDB: JVNDB-2019-012198 // CNNVD: CNNVD-201910-354 // NVD: CVE-2019-10566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10566
value: HIGH

Trust: 1.0

NVD: CVE-2019-10566
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16054
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-354
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-10566
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16054
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-10566
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10566
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16054 // JVNDB: JVNDB-2019-012198 // CNNVD: CNNVD-201910-354 // NVD: CVE-2019-10566

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2019-012198 // NVD: CVE-2019-10566

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-354

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201910-354

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:apq8017_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:apq8053_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:apq8096au_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9207c_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8905_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:nicobar_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-012198

PATCH

title: October 2019 Security Bulletin, url: https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Trust: 0.8

title: Patch for Multiple Qualcomm plugin buffer overflow vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/207829

Trust: 0.6

title: Android Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99047

Trust: 0.6

sources: CNVD: CNVD-2020-16054 // JVNDB: JVNDB-2019-012198 // CNNVD: CNNVD-201910-354

EXTERNAL IDS

db: NVD, id: CVE-2019-10566

Trust: 3.0

db: JVNDB, id: JVNDB-2019-012198

Trust: 0.8

db: CNVD, id: CNVD-2020-16054

Trust: 0.6

db: CNNVD, id: CNNVD-201910-354

Trust: 0.6

sources: CNVD: CNVD-2020-16054 // JVNDB: JVNDB-2019-012198 // CNNVD: CNNVD-201910-354 // NVD: CVE-2019-10566

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10566

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10566

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549

Trust: 0.6

sources: CNVD: CNVD-2020-16054 // JVNDB: JVNDB-2019-012198 // CNNVD: CNNVD-201910-354 // NVD: CVE-2019-10566

SOURCES

db: CNVD, id: CNVD-2020-16054
db: JVNDB, id: JVNDB-2019-012198
db: CNNVD, id: CNNVD-201910-354
db: NVD, id: CVE-2019-10566

LAST UPDATE DATE

2024-11-23T22:37:35.906000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-16054, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012198, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201910-354, date: 2019-12-02T00:00:00
db: NVD, id: CVE-2019-10566, date: 2024-11-21T04:19:28.183

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-16054, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-012198, date: 2019-11-27T00:00:00
db: CNNVD, id: CNNVD-201910-354, date: 2019-10-08T00:00:00
db: NVD, id: CVE-2019-10566, date: 2019-11-21T15:15:13.620